mirror of
https://github.com/nodejs/node.git
synced 2025-05-06 14:52:19 +00:00
ca5f8f80e3
Previously, the reason argument passed to ServerResponse#writeHead was not being properly validated. One could pass CRLFs which could lead to http response splitting. This commit changes the behavior to throw an error in the event any invalid characters are included in the reason. CVE-2016-5325 PR-URL: https://github.com/nodejs/node-private/pull/60 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
47 lines
1.2 KiB
JavaScript
47 lines
1.2 KiB
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
const assert = require('assert');
|
|
const http = require('http');
|
|
|
|
function explicit(req, res) {
|
|
assert.throws(() => {
|
|
res.writeHead(200, `OK\r\nContent-Type: text/html\r\n`);
|
|
}, /Invalid character in statusMessage/);
|
|
|
|
assert.throws(() => {
|
|
res.writeHead(200, 'OK\u010D\u010AContent-Type: gotcha\r\n');
|
|
}, /Invalid character in statusMessage/);
|
|
|
|
res.statusMessage = 'OK';
|
|
res.end();
|
|
}
|
|
|
|
function implicit(req, res) {
|
|
assert.throws(() => {
|
|
res.statusMessage = `OK\r\nContent-Type: text/html\r\n`;
|
|
res.writeHead(200);
|
|
}, /Invalid character in statusMessage/);
|
|
res.statusMessage = 'OK';
|
|
res.end();
|
|
}
|
|
|
|
const server = http.createServer((req, res) => {
|
|
if (req.url === '/explicit') {
|
|
explicit(req, res);
|
|
} else {
|
|
implicit(req, res);
|
|
}
|
|
}).listen(common.PORT, common.mustCall(() => {
|
|
const url = `http://localhost:${common.PORT}`;
|
|
let left = 2;
|
|
const check = common.mustCall((res) => {
|
|
left--;
|
|
assert.notEqual(res.headers['content-type'], 'text/html');
|
|
assert.notEqual(res.headers['content-type'], 'gotcha');
|
|
if (left === 0) server.close();
|
|
}, 2);
|
|
http.get(`${url}/explicit`, check).end();
|
|
http.get(`${url}/implicit`, check).end();
|
|
}));
|